Cash is extensively given as a gift on occasions such as weddings, birthdays, anniversaries, house warming ceremonies, festivals, the birth of a child, etc. A cash gift may avoid problems associated with receiving an incorrect or unwanted gift, such as disappointment and/or the hassle of attempting to exchange the gift.
However, giving cash may not be socially acceptable in all circumstances and may be considered impersonal. Large quantities of physical cash may also be difficult to safely deliver to the recipient, may be easily lost and may be targeted for theft.
Gift cards have risen in popularity as an alternative to cash gifts. Typically, a gift card will be obtained from a merchant such that the recipient is restricted to making purchases from that merchant using the gift card. This allows the giver to select a particular merchant that is likely to offer goods or services desired by the recipient, but still provide the recipient with the flexibility to select a specific gift for purchase.
However, gift cards rely on use of a physical card and generally do not involve any security measures and thus, like cash, are still prone to loss or theft. Furthermore, there is generally minimal scope for personalisation of a gift card since this will need to be selected from a limited range of physical cards.
Moreover, a gift card can be less convenient than cash due to the need for the giver to purchase the gift card from the merchant, the need for the merchant to carry an inventory of physical cards for purchase, and the need for the recipient to carry a physical card until the gift card is ultimately redeemed with the merchant.
Electronic funds transfer methods can allow funds to be given to a recipient in a significantly more secure manner than physical cash. However, a gift of electronically transferred funds is generally seen as being even more impersonal than a gift of physical cash, since the only tangible result is an increase in the recipient's account balance.
A digital wallet (also known as an electronic wallet) can allow an individual to make electronic commerce transactions, for example to purchase products online using a computer or at a store using a smartphone. Whilst some digital wallet implementations can also allow an individual to transfer funds to another individual, a funds transfer using a digital wallet will have similar downsides as discussed above for other electronically transferred funds.
In the electronic commerce environment, consumers and corporate purchasers generally interact with merchants from personal computers or mobile computing devices such as smartphones. A cardholder (or account holder—a physical card is not necessary) uses a payment account number or card (or other payment device) that has been issued by an issuer. A secure transaction protocol ensures that the cardholder's interactions with the merchant, and specifically the payment card account information, remain confidential.
As used herein, a “payment card” or “payment device” refers to any suitable cashless payment device, such as a credit card, a debit card, a prepaid card, a charge card, a membership card, a promotional card, a frequent flyer card, an identification card, a gift card, and/or any other device that may hold payment account information, such as mobile phones, smartphones, personal digital assistants (PDAs), key fobs, transponder devices, NFC-enabled devices, tablets and/or computers.
The typical participants, entities or components (in addition to the account holder) involved in a payment transaction are the issuer, the merchant, the acquirer and (optionally) a payment gateway, each of which can be described as follows:                1. An issuer is a financial institution that establishes an account for a cardholder and most often issues the payment card. The issuer guarantees payment for authorized transactions using the payment card in accordance with payment card brand regulations and local legislation.        2. A merchant offers goods for sale or provides services in exchange for payment. The merchant can offer its cardholders secure electronic interactions. A merchant that accepts payment cards must have a relationship with an acquirer, which is the financial institution that establishes an account with a merchant and processes payment card authorizations and payments.        3. A payment gateway is a device operated by an acquirer or a designated third party that processes merchant payment messages, including payment instructions from cardholders.        
In one known form of secure transaction, the 3-D Secure protocol may be used to add a security layer to online e-commerce transactions. Two implementations of 3-D Secure are known as Verified by Visa and MasterCard SecureCode.
Verified by Visa Acquirer and Merchant Implementation Guide (https://usa.visa.com/dam/VCOM/download/merchants/verified-by-visa-acquirer-mechant-implementation-guide.pdf) describes a 3-D Secure online program designed to make Internet purchase transactions safer by authenticating a cardholder's identity at the time of purchase, before the merchant submits an authorization request. This document, in its entirety, is hereby incorporated into this specification for all purposes by way of reference.
MasterCard Secure Code    (https://mastercard.us/content/dam/mccom/en-us/documents/SMI_Manual.pdf) describes another 3-D Secure online program. This document, in its entirety, is hereby incorporated into this specification for all purposes by way of reference. U.S. patent application Ser. No. 13/209,312 (Wong) generally discloses a phone-based electronic wallet that provides transactions across multiple channels of commerce. The electronic wallet described therein can be used for point of sale payments, remote mobile payments and/or web based payments. The disclosure of U.S. patent application Ser. No. 13/209,312 in its entirety is hereby incorporated into this specification by way of reference.
FIG. 1 is a flow chart depicting the wallet application being used in an e-commerce transaction (e.g., a phone-initiated transaction) with an online PIN. Paragraph 39 of Wong provides the following summary of with reference to that Figure:
In step 300, the consumer selects the “wallet” icon on the merchant's site. The consumer then selects the wallet application (step 302), which then displays a log in form (step 304). Alternatively, the wallet may be auto-detected. The consumer logs in at step 306, views the listed cards at step 308, and thereafter selects the appropriate payment card and shipping details (step 310). At step 312, the wallet questions whether an online PIN is associated with the card. The existence of the online PIN is confirmed at step 314. In step 316, the wallet requests entry of the online PIN into the phone. The online PIN is entered at step 318. Thereafter, the online PIN is encrypted (step 320), and forwarded to the merchant for authorization (step 322). The transaction is validated at step 324, payment is approved at step 326, resulting in a happy consumer (step 328).
U.S. patent application Ser. No. 13/835,088 (Nwokolo) generally discloses a system of tokenizing sensitive cardholder payment information for use in cashless transactions. The disclosure of U.S. patent application Ser. No. 13/835,088 in its entirety is hereby incorporated into this specification by way of reference. Tokenization is also described in detail in the document “EMV Payment Tokenisation Specification—Technical Framework” (version 1.0, March 2014) of EMV Co., which is hereby incorporated into this specification for all purposes by reference. The EMV Payment Tokenisation Specification is available at www.emvco.com.
Nwokolo identifies that electronic wallets are becoming a more prevalent counterpart to electronic forms of payment for a wide variety of transactions. Nwokolo puts forward that the system above described in Wong, together with the system being the subject of U.S. patent application Ser. No. 13/746,904 entitled “System and method to enable a network of digital wallets,” includes a federated network of electronic wallets. The purchaser may select this network of wallets which includes partners who are members of the federation, each of whom provide electronic wallet services. One option presented to the purchaser may be the option to use an electronic wallet maintained and provided by the payment processing entity, e.g., MasterPass of MasterCard International Incorporated (assignee of the instant application), which is also operating the network of wallets.
Given the overwhelming volume of transactions consummated per second, and the necessity that transactions be authorized expeditiously in order to be acceptable forms of payment for all parties involved in the transaction, the circumstances naturally lend themselves to automation of the approval process. However, without adequate oversight on an individual or per-transaction basis, and/or without the parties to the transaction being known to others involved, including the intermediary, the opportunity for malicious abuse of the payment system require adequate safeguards.
A problem presented is where the transaction details required to consummate a purchaser's transaction may be used thereafter for malicious purposes, for example if the security of such data is compromised by a third party, or by another bad actor with access to cardholder data used during the transaction.
As a solution to this problem, Nwokolo provides the system shown in FIG. 2(a) which generally performs the steps of:                a) receiving a request to process a cashless transaction between a merchant and a purchaser using first payment data stored with an electronic wallet provider on behalf of the purchaser;        b) receiving first payment data from the electronic wallet provider;        c) tokenizing the first payment data into a payment token; and        d) providing the payment token to the merchant for use in completing the cashless transaction.        
The merchant issues a request to process payment for the cashless transaction using the payment token. The payment token is detokenized into second payment data, with correspondence between the first and second payment data being indicative of payment token authenticity. Payment for the cashless transaction is processed using the second payment data, and the merchant is provided with a response indicating either the success or failure of the payment processing.
It is generally desirable to overcome or ameliorate one or more of the above described difficulties, or to at least provide a useful alternative.
The reference in this specification to any prior publication (or information derived from it), or to any matter which is known, is not, and should not be taken as an acknowledgment or admission or any form of suggestion that the prior publication (or information derived from it) or known matter forms part of the common general knowledge in the field of endeavour to which this specification relates.